chriskohlhoff / asio

Asio C++ Library
http://think-async.com/Asio

LibreSSL? #85

Open boldandbusted opened 8 years ago

boldandbusted commented 8 years ago

Howdy. I'm just a dumb sysadmin here, so apologies for the ham-fistedness. I'm working to track down libraries that explicitly require OpenSSL, when they could also use alternatives, like LibreSSL, when the alternatives pledge API compatibility. Due to the general codebase improvements promised in LibreSSL and greater community attention and resources put toward LibreSSL, I'd like to have the option.

Apparently, after some sleuthing, it seems that boost + asio is somehow hard-linking to OpenSSL. Is there any movement to making this library "SSL/TLS-agnostic"? :)

Thank you, and apologies in advance if this is a dupe or just plain wrongly framed.

samantharitter commented 8 years ago

+1, I would also like to know if there are plans to make using libraries besides OpenSSL with ASIO possible.

byllyfish commented 8 years ago

ASIO is a header-based library. To use it with alternate versions of OpenSSL, you need to compile your programs using the appropriate SSL headers: OpenSSL, LibreSSL or BoringSSL. ASIO is not a shared library that requires other dependencies on its deployment system. The compiled program (or library that uses ASIO) would be the artifact with the system-level dependency.

I use the HEAD of the ASIO master branch with BoringSSL, and it works fine. In my case, I tell the compilers to use the BoringSSL headers, not the system ones, and then static link the ssl and crypto libs into my program.

I tried to use LibreSSL 2.2.5 with ASIO but I ran into a problem. LibreSSL coopts the OPENSSL_VERSION_NUMBER macro; LibreSSL appears as OpenSSL 2.0.0. This breaks code that depends on the OPENSSL_VERSION_NUMBER macro for feature testing.

Some functions added in OpenSSL 1.0.2 are not present in LibreSSL, which is forked from OpenSSL 1.0.1. When testing against 1.0.2 or later, you also need to check for LibreSSL. There is only one such case in the latest version:

diff --git a/asio/include/asio/ssl/impl/context.ipp b/asio/include/asio/ssl/impl/context.ipp
index 383711b..33d58e6 100644
--- a/asio/include/asio/ssl/impl/context.ipp
+++ b/asio/include/asio/ssl/impl/context.ipp
@@ -539,7 +539,7 @@ asio::error_code context::use_certificate_chain(
       return ec;
     }

-#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER))
     ::SSL_CTX_clear_chain_certs(handle_);
 #else
     if (handle_->extra_certs)
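
Review bot: The `!defined(LIBRESSL_VERSION_NUMBER)` term on the changed `#if` line excludes every LibreSSL release unconditionally, so a LibreSSL version that does provide `SSL_CTX_clear_chain_certs` would still fall through to the `#else` branch that touches `handle_->extra_certs` directly. Consider bounding the exclusion with a comparison on `LIBRESSL_VERSION_NUMBER` once a supporting release is known, and add a one-line comment above the guard saying why LibreSSL is excluded, since the condition by itself does not tell the reader that LibreSSL reports an `OPENSSL_VERSION_NUMBER` above the 1.0.2 threshold.
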
UMU618 commented 9 months ago

LibreSSL supported TLS 1.3 in version 3.2.0, but ASIO doesn't when linking with LibreSSL.

https://github.com/chriskohlhoff/asio/blob/ed5db1b50136bace796062c1a6eab0df9a74f8fa/asio/include/asio/ssl/impl/context.ipp#L300-L305
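
The version-macro pitfall described in this thread (LibreSSL reports `OPENSSL_VERSION_NUMBER` as 2.0.0, so feature tests for 1.0.2 or later misfire) can be searched for mechanically. The following is an added example, not code from the thread or from ASIO; it generalizes the one case in the diff to any `#if`/`#elif` comparison against a threshold of 1.0.2 or later, and the function names and sample input are constructed for illustration.

```python
import re

# LibreSSL forked from OpenSSL 1.0.1 but reports itself as OpenSSL 2.0.0, so
# any guard for an API newer than 1.0.1 needs its own LibreSSL check.
FIRST_POST_FORK = 0x10002000  # OpenSSL 1.0.2
DIRECTIVE = re.compile(r"^\s*#\s*(?:if|elif)\b(.*)$")
COMPARISON = re.compile(
    r"OPENSSL_VERSION_NUMBER\s*(>=|>|<=|<|==|!=)\s*(0[xX][0-9a-fA-F]+)[uUlL]*")

def logical_lines(source):
    """Yield (first_line_no, text) with backslash continuations joined."""
    pending, start = "", 0
    for no, line in enumerate(source.splitlines(), 1):
        if not pending:
            start = no
        if line.rstrip().endswith("\\"):
            pending += line.rstrip()[:-1] + " "
            continue
        yield start, pending + line
        pending = ""
    if pending:
        yield start, pending

def unguarded_version_checks(source):
    """Return [(line_no, threshold)] for #if/#elif tests that compare against
    1.0.2 or later without also consulting LIBRESSL_VERSION_NUMBER."""
    findings = []
    for no, text in logical_lines(source):
        m = DIRECTIVE.match(text)
        if not m or "LIBRESSL_VERSION_NUMBER" in m.group(1):
            continue
        for _op, hexval in COMPARISON.findall(m.group(1)):
            if int(hexval, 16) >= FIRST_POST_FORK:
                findings.append((no, hexval))
    return findings

# Constructed sample (directive lines only): the guard before and after the
# change above, a continued directive, and a pre-fork threshold.
SAMPLE = """\
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER))
#if OPENSSL_VERSION_NUMBER < 0x10100000L \\
    || defined(SOME_OTHER_FLAG)
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
"""

if __name__ == "__main__":
    for line_no, threshold in unguarded_version_checks(SAMPLE):
        print(f"line {line_no}: {threshold} compared without a LibreSSL check")
```

A finding is a prompt for manual review, not proof of a bug: the scan only sees comparisons written with the macro on the left-hand side and does not follow guards nested inside an enclosing LibreSSL check.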